Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:MAC-COMM-EXEC |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Apple Mac OS X Archive Metadata Command Execution |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apple Mac OS X Archive Metadata Command Execution
This signature detects attempts to exploit a known vulnerability against Apple MAC. A successful exploit can lead to remote command execution.
Extended Description
Apple Mac OS X is prone to an arbitrary command-execution vulnerability when processing metadata in archive files. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected.
Affected Products
- Apple mac_os_x 10.3.9
- Apple mac_os_x 10.4.5
- Apple mac_os_x_server 10.3.9
- Apple mac_os_x_server 10.4.5
References
- BugTraq: 16736
- CVE: CVE-2006-0848